kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE. This data originates from userspace and is used in buffer offset calculations which could potentially overflow, causing an out-of-bounds access...
OESA-2026-1229 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX. If the full path to be built by ceph_mdsc_build_path happens to be longer than PATH_MAX, then this function will enter an...
CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation
The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...
CVE-2025-69321
CVE-2025-69321 is a publicly detailed WordPress vulnerability affecting the Grand Spa WordPress theme (ThemeGoods Grand Spa) up to version 3.5.5. The issue is a reflected cross-site scripting (XSS) flaw caused by improper input neutralization during web page generation. The vulnerability is classified as HIGH risk (CVSS v3....
CVE-2025-69047 WordPress MaxShop theme <= 3.6.20 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop swmaxshop allows PHP Local File Inclusion. This issue affects MaxShop: from n/a through <= 3.6.20...
OPENSUSE-SU-2026:20082-1 Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issues: Changes in rabbitmq-server: Update to 4.1.5: Highlights - Khepri, an alternative schema data store developed to replace Mnesia, has matured and is now fully supported (previously it was an experimental feature) - AMQP 1.0 is now a core...
Mastodon security vulnerabilities
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to v4.5.5, v4.4.12, and v4.3.18 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcing a maximum length for list names, filter names, or filter keywords, whic...
AZL-74985 CVE-2025-59466 affecting package nodejs for versions less than 20.14.0-13
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications that rely on...
CVE-2025-59466
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications that rely on...
CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
kernel: net: atlantic: fix fragment overflow handling in RX path
An out-of-bounds write vulnerability was found in the Aquantia Atlantic network driver in the Linux kernel. When receiving packets that span more than MAX_SKB_FRAGS (17) fragments, the driver writes beyond the skb fragment array bounds in skb_add_rx_frag, causing kernel memory corruption and panic...
PYSEC-2026-9
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core.max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000722)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000722 advisory. The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000677)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000677 advisory. Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE, ip_append_data calls ip_ufo_append_data to append...
SUSE CVE-2025-68802
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations. The exec and vm_bind ioctls allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation,...
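The vmwgfx, atlantic and drm/xe entries above share one root cause: a size or count that userspace (or the wire) controls reaches offset arithmetic, a fixed-size array, or an allocation without being checked against its maximum first. The following is an added, constructed illustration of the three checks, not code from any of those drivers or advisories; CMD_MAX_DATASIZE and MAX_SYNCS are hypothetical stand-ins for the real kernel constants, and the function names are invented for the example.

```c
/* Added example: bounds-checking untrusted sizes and counts before they feed
 * offset arithmetic, a fixed-size array, or an allocation. Constructed
 * illustration, not vmwgfx, atlantic or xe driver code; the caps and names
 * are hypothetical stand-ins for the real kernel constants. */
#include <assert.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CMD_MAX_DATASIZE (1024u * 1024u) /* hypothetical; stands in for SVGA_CMD_MAX_DATASIZE */
#define MAX_RX_FRAGS     17u             /* the advisory quotes MAX_SKB_FRAGS as 17 */
#define MAX_SYNCS        64u             /* hypothetical; stands in for the drm/xe num_syncs cap */

struct cmd_header {
    uint32_t id;
    uint32_t size;   /* payload bytes following the header; attacker-controlled */
};

/* Offset of the command following the header at `off`, or -1 if the header
 * or its payload does not fit in `buf_len` bytes. Every comparison subtracts
 * from a bound already known to be valid, so no intermediate value can wrap. */
long checked_next_offset(size_t buf_len, size_t off, const struct cmd_header *hdr)
{
    size_t payload_start;

    if (buf_len > LONG_MAX)
        return -1;                               /* keep the -1 sentinel unambiguous */
    if (off > buf_len || buf_len - off < sizeof(*hdr))
        return -1;                               /* header itself runs past the buffer */
    if (hdr->size > CMD_MAX_DATASIZE)
        return -1;                               /* size exceeds the protocol cap */
    payload_start = off + sizeof(*hdr);          /* cannot wrap: off + 8 <= buf_len */
    if (hdr->size > buf_len - payload_start)
        return -1;                               /* payload runs past the buffer */
    return (long)(payload_start + hdr->size);
}

/* Convenience wrapper: check a header described by a (buf_len, off, size) triple. */
long demo_next_offset(size_t buf_len, size_t off, uint32_t size)
{
    struct cmd_header hdr = { 0, size };
    return checked_next_offset(buf_len, off, &hdr);
}

struct rx_ctx {
    unsigned int nr_frags;
    const void *frags[MAX_RX_FRAGS];
};

/* Appends a fragment pointer; returns false instead of writing frags[17]. */
bool rx_add_frag(struct rx_ctx *ctx, const void *frag)
{
    if (ctx->nr_frags >= MAX_RX_FRAGS)
        return false;
    ctx->frags[ctx->nr_frags++] = frag;
    return true;
}

/* Number of fragments accepted when a packet arrives in `incoming` pieces;
 * the 18th and later pieces are refused rather than written out of bounds. */
unsigned int rx_accepted_frags(unsigned int incoming)
{
    struct rx_ctx ctx = { 0 };
    static const char piece[1];
    unsigned int i;

    for (i = 0; i < incoming; i++)
        if (!rx_add_frag(&ctx, piece))
            break;
    return ctx.nr_frags;
}

/* Bytes needed for `num_syncs` entries, or -1 when the count exceeds the cap
 * or the multiplication would overflow; the check runs before any allocation. */
long checked_sync_bytes(uint32_t num_syncs, size_t entry_size)
{
    if (num_syncs > MAX_SYNCS)
        return -1;
    if (entry_size != 0 && num_syncs > (size_t)LONG_MAX / entry_size)
        return -1;
    return (long)((size_t)num_syncs * entry_size);
}

int main(void)
{
    /* Constructed inputs: a 4 KiB command buffer, a sane header and one
     * claiming a 4 GiB payload, a 20-fragment packet, and a huge num_syncs. */
    printf("sane header at 0  -> next offset %ld\n", demo_next_offset(4096, 0, 100));
    printf("hostile header    -> next offset %ld\n", demo_next_offset(4096, 0, UINT32_MAX));
    printf("20 fragments      -> %u accepted\n", rx_accepted_frags(20));
    printf("num_syncs=1000000 -> %ld bytes\n", checked_sync_bytes(1000000u, 32));
    return 0;
}
```

The ordering of the checks matters: the cap on `hdr->size` rejects absurd values early, but only the subtraction against `buf_len - payload_start` catches a small size placed near the end of the buffer, and the header-fits check must come first so that `buf_len - off` itself cannot wrap.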
EUVD-2026-2784
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in the "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002345)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002345 advisory. The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002136)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002136 advisory. net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers t...